Thesis title: The Research of Intrusion Detection System Based on Data Mining
Advisor: Shen Mingyu
Degree: Master's
Major: Computer Application Technology
Institution: Hefei University of Technology
Pages: 62
File size: 3272K
Date: 2006-10-01
Source: http://www.lw23.com/lunwen_118558847/
Keywords: Data Mining; Intrusion Detection; Clustering Analysis; Association Rule; Sequence Pattern

Abstract

As society becomes increasingly informatized and more dependent on computer networks, computer network security has attracted widespread attention. Intrusion detection is a security technology that discovers intrusions and attacks by monitoring the target system in real time, and it has become an active research topic in the field of network security.

Traditional intrusion detection systems have several limitations: poor adaptability, poor extensibility, and an inability to detect unknown forms of intrusion. Building on an in-depth study of intrusion detection technology and data mining technology, this dissertation proposes an intrusion detection model based on data mining. The main work is as follows:

(1) Unsupervised anomaly detection methods based on clustering analysis are studied, and the K-means algorithm is improved for use in the clustering analysis. Experiments show that the improved algorithm has better real-time performance.

(2) Association rule mining and sequential pattern mining algorithms are analyzed. The FP-growth and PrefixSpan algorithms are applied to network connection records for association rule mining and sequential pattern mining respectively, and are compared with traditional algorithms, improving the efficiency of the system.

(3) Based on an analysis of the intrusion detection methods and intrusion methods in common use, a design for a runtime intrusion detection system based on data mining is proposed. The model is adaptive and highly extensible, and it lowers the false detection rate and the false alarm rate. It thereby achieves the goal of improving intrusion detection quality and has fairly wide application value.